Analyse rapport hitjackthis

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4146

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31/05/2010 12:54:23
mbam-log-2010-05-31 (12-54-23).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 204190
Temps écoulé: 27 minute(s), 53 seconde(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 14
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
D:\Documents and Settings\Papa\Application Data\07C07881B73964FADA66322D3571BB07\gotnewupdate000.exe (Malware.Packer.Gen) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\kvzfzlyj.dll (Adware.EZlife) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15bfa5ce-9873-41c0-b305-bb17620b79fb} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15bfa5ce-9873-41c0-b305-bb17620b79fb} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15bfa5ce-9873-41c0-b305-bb17620b79fb} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gotnewupdate000.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uxvfflazvgatpg (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
D:\Documents and Settings\Papa\Application Data\07C07881B73964FADA66322D3571BB07\gotnewupdate000.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kvzfzlyj.dll (Adware.EZlife) -> Delete on reboot.
D:\Documents and Settings\Papa\Local Settings\Temporary Internet Files\Content.IE5\3HE3O2TS\gotnewupdate000[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Documents and Settings\Papa\Bureau\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
D:\Documents and Settings\Papa\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
D:\Documents and Settings\Papa\Menu Démarrer\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
D:\Documents and Settings\Papa\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uljzkidrkikgnomgl.dll (Trojan.Agent) -> Delete on reboot.

Bonsoir,
Qu'est-ce qui vous fais penser que je suis infecté par yoog search ?
Cordialement.

Bonjour,
Merci de me répondre toujours aussi vite.
J'ai refait un rapport hitjackthis ce matin,il me semble que "street ads browser aacutskf" nest plus présent.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:06, on 02/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Hercules\DualPix Exchange\Camservice.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=BM3
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [CamserviceDP] C:\Program Files\Hercules\DualPix Exchange\Camservice.exe /startup
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UsbBoost] C:\Program Files\UsbBoost\TurboHddUsb.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [skb] rundll32 "kvzfzlyj.dll",,Run
O4 - HKLM\..\Run: [MChk] C:\WINDOWS\system32\nhhcuetp.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/importer/MypixUploader.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4948/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Service Google Update (gupdate1c9d705ec2397f6) (gupdate1c9d705ec2397f6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

Une autre question :
Que sont,"04 kvzfzly.dll run"
04 nhhcuetp.exe
Merci encore.

Merci,
http://www.cijoint.fr/cjlink.php?file=cj201006/cijcMVkdqB.txt

Merci d'avance.

Bonjour,
Le rapport est disponible.
Merci.

LADS - Freeware version 4.10
(C) Copyright 1998-2007 Frank Heyne Software (http://www.heysoft.de)
This program lists files with alternate data streams (ADS)
Use LADS on your own risk!

Scanning directory C:\WINDOWS\System32\Drivers\

size ADS in file
---------- ---------------------------------

0 bytes in 0 ADS listed

Ai-je bien manoeuvré ?

pas vraiment

retentes la manip ZHPFix stp

Désolé.
Pour ZHPfix,mon pc plante au moment de nettoyer,windows me demande "uninstall this wizard" je dis oui et là plantage ,je dois redémarrer.
Merci.

OK?ce soir ou demain.
Merci beaucoup.

¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.0.0.4 ¤¤¤¤¤¤¤¤¤¤

User : Papa (Administrateurs)
Update on 23/05/2010 by g3n-h@ckm@n ::::: 15.00
Start at: 19:27:28 | 03/06/2010

Intel(R) Pentium(R) 4 CPU 3.20GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Norton Internet Security 16.5.0.134 [ (!) Disabled | Updated ]
FW : Norton Internet Security[ (!) Disabled ]16.5.0.134

C:\ -> Disque fixe local | 29,99 Go (12,42 Go free) [HDD] | NTFS
D:\ -> Disque fixe local | 148,5 Go (109,65 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible

Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Hercules\DualPix Exchange\Camservice.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\UsbBoost\TurboHddUsb.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe

======================
Keys "Run"
======================

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
CTSyncU.exe REG_SZ "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
High Definition Audio Property Page Shortcut REG_SZ HDAShCut.exe
AzMixerSel REG_SZ C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
RTHDCPL REG_SZ RTHDCPL.EXE
Alcmtr REG_SZ ALCMTR.EXE
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
Ulead AutoDetector v2 REG_SZ C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
ACTIVBOARD REG_SZ c:\apps\ABoard\ABoard.exe
ISUSScheduler REG_SZ "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
NeroCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
StandardInstall REG_SZ
BOOT REG_SZ C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
StartCCC REG_SZ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
CamserviceDP REG_SZ C:\Program Files\Hercules\DualPix Exchange\Camservice.exe /startup
PCMService REG_SZ "c:\Apps\Powercinema\PCMService.exe"
IJNetworkScanUtility REG_SZ C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
Logitech Hardware Abstraction Layer REG_SZ KHALMNPR.EXE
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
UsbBoost REG_SZ C:\Program Files\UsbBoost\TurboHddUsb.exe
CanonSolutionMenu REG_SZ C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
CanonMyPrinter REG_SZ C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
skb REG_SZ rundll32 "kvzfzlyj.dll",,Run
MChk REG_SZ C:\WINDOWS\system32\nhhcuetp.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)

===============

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
NofolderOptions REG_DWORD 0 (0x0)

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoCDBurning REG_DWORD 0 (0x0)
HonorAutoRunSetting REG_DWORD 1 (0x1)

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ CHAMBRE
DefaultUserName REG_SZ Papa
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Papa
AltDefaultDomainName REG_SZ CHAMBRE
ChangePasswordUseKerberos REG_DWORD 1 (0x1)

===============

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Disabled:AOL
C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
C:\Program Files\AOL 9.0\aol.exe REG_SZ C:\Program Files\AOL 9.0\aol.exe:*:Disabled:AOL
C:\APPS\Inventime\my.exe REG_SZ C:\APPS\Inventime\my.exe:*:Disabled:INVENTIME
C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe REG_SZ C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Disabled:PANDORA
C:\APPS\skype\phone\Skype.exe REG_SZ C:\APPS\skype\phone\Skype.exe:*:Disabled:Skype
C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe REG_SZ C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Disabled:SPLINTER CELL PANDORA
C:\WINDOWS\system32\sessmgr.exe REG_SZ C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
C:\Program Files\Hasbro Interactive\Clue\Clue.exe REG_SZ C:\Program Files\Hasbro Interactive\Clue\Clue.exe:*:Enabled:Clue
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\APPS\Powercinema\PowerCinema.exe REG_SZ C:\APPS\Powercinema\PowerCinema.exe:*:Enabled:PowerCinema
C:\Program Files\M6Video\M6video.exe REG_SZ C:\Program Files\M6Video\M6video.exe:*:Enabled:OneClick
C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe REG_SZ C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe:*:Enabled:SplinterCell4
C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL 9.0
C:\Program Files\Hercules\DualPix Exchange\Station2.exe REG_SZ C:\Program Files\Hercules\DualPix Exchange\Station2.exe:*:Enabled:Hercules Webcam Station Evolution SE
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE REG_SZ C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE:*:Disabled:Canon IJ Network Scan Utility
C:\Program Files\Canon\Canon IJ Network Tool\CNMNPUT.EXE REG_SZ C:\Program Files\Canon\Canon IJ Network Tool\CNMNPUT.EXE:*:Disabled:Canon IJ Network Tool
C:\WINDOWS\system32\ftp.exe REG_SZ C:\WINDOWS\system32\ftp.exe:*:Enabled:Logiciel de transfert de fichiers
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Service Bonjour
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL
C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

===============
ActivX controls
===============

[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{00B71CFB-6864-4346-A978-C0A14556272C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{09CC593B-E8A9-4491-927D-A3E33534DDD4}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{1F83CD9E-505E-4F87-BECE-0832A763E36F}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2917297F-F02B-4B9D-81DF-494B6333150B}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D6F45B3-9043-443D-A792-115447494D24}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{644E432F-49D3-41A1-8DD5-E099162EEEC5}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6A344D34-5231-452A-8A57-D064AC9B7862}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6E5E167B-1566-4316-B27F-0DDAB3484CF7}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{87AF076E-D86D-4E87-ADDD-F05804E1F150}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{F6ACF75C-C32C-447B-9BEF-46B766368D29}]

===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{03F998B2-0E00-11D3-A498-00104B6EB52E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]

==============
BHO :
======

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{CA99CF8F-4E3A-4614-A710-F7552FC648DE}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CA99CF8F-4E3A-4614-A710-F7552FC648DE}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CA99CF8F-4E3A-4614-A710-F7552FC648DE}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1

================
Internet Explorer :
================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.sfr.fr/
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

========
Services
========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

========
Safemode
========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

=========
Atapi.sys
=========

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

=======
Drive :
=======

D'fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
149 Go total, 110 Go libre (73%), 6% fragment' (fragmentation du fichier 12%)

Il ne vous est pas n'cessaire de d'fragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\WINDOWS\002846_.tmp
Present !! : C:\WINDOWS\meta4.exe
Present !! : C:\WINDOWS\System32\_psisdecd.dll
Present !! : C:\WINDOWS\system32\AVSredirect.dll
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\Process.exe
Present !! : C:\WINDOWS\System32\SrchSTS.exe
Present !! : C:\WINDOWS\Temp\JET4D50.tmp
Present !! : C:\WINDOWS\Temp\JET59F2.tmp
Present !! : C:\WINDOWS\Temp\JET68B7.tmp
Present !! : D:\Documents and Settings\Papa\Application Data\usb.inf
Present !! : D:\Documents and Settings\Papa\Local Settings\Temp\dw.log
Present !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\CTPBSEQ.EXE
Present !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\fsols_launcher.exe
Present !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\fsonlinescanner.exe
Present !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\Update_9b5d.exe
Present !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\_pulmo.exe
Present !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\Perflib_Perfdata_101c.dat
Present !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\fsclm.dll
Present !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\InstHelp.dll
Present !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\uljzkidrkikgnomgl.dll
Present !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\xmllite.dll
Present !! : D:\Documents and Settings\Papa\Local Settings\Temporary Internet Files\SuggestedSites.dat

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : NeroCheck
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoFolderOptions
Present !! : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoFolderOptions
Present !! : HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoFolderOptions
Present !! : HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoFolderOptions
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System : DisableRegistryTools
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHDRVX86
Present !! : HKLM\SYSTEM\CurrentControlSet\Services\BHDRVX86
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHDRVX86
Present !! : HKLM\SYSTEM\ControlSet001\Services\BHDRVX86
Present !! : HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_BHDRVX86
Present !! : HKLM\SYSTEM\ControlSet003\Services\BHDRVX86

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-03 20:27:48
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 20:27:51,23

Voila le rapport kill em txt
Pour zhp fix ,demain
Merci.Bonsoir.
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.0.4 ¤¤¤¤¤¤¤¤¤¤

User : Papa (Administrateurs)
Update on 23/05/2010 by g3n-h@ckm@n ::::: 15.00
Start at: 22:00:51 | 03/06/2010

Intel(R) Pentium(R) 4 CPU 3.20GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Norton Internet Security 16.5.0.134 [ Enabled | Updated ]
FW : Norton Internet Security[ Enabled ]16.5.0.134

C:\ -> Disque fixe local | 29,99 Go (12,42 Go free) [HDD] | NTFS
D:\ -> Disque fixe local | 148,5 Go (109,65 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wuauclt.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\WINDOWS\002846_.tmp
Quarantined & Deleted !! : C:\WINDOWS\meta4.exe

Quarantined & Deleted !! : C:\WINDOWS\System32\_psisdecd.dll
Quarantined & Deleted !! : C:\WINDOWS\system32\AVSredirect.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\System32\Process.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\SrchSTS.exe
Quarantined & Deleted !! : C:\WINDOWS\Temp\JET1354.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\JET4D50.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\JET68B7.tmp
Quarantined & Deleted !! : D:\Documents and Settings\Papa\Application Data\usb.inf
Quarantined & Deleted !! : D:\Documents and Settings\Papa\Local Settings\Temp\dw.log
Quarantined & Deleted !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\CTPBSEQ.EXE
Quarantined & Deleted !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\fsols_launcher.exe
Quarantined & Deleted !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\fsonlinescanner.exe
Quarantined & Deleted !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
Quarantined & Deleted !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\Update_9b5d.exe
Quarantined & Deleted !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\_pulmo.exe
Quarantined & Deleted !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\Perflib_Perfdata_101c.dat
Quarantined & Deleted !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\fsclm.dll
Quarantined & Deleted !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\InstHelp.dll
Quarantined & Deleted !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\uljzkidrkikgnomgl.dll
Quarantined & Deleted !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\xmllite.dll
Quarantined & Deleted !! : D:\Documents and Settings\Papa\Local Settings\Temporary Internet Files\SuggestedSites.dat

=======
Hosts :
=======

127.0.0.1 localhost

========
Registry
========

Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : NeroCheck
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoFolderOptions
Deleted : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoFolderOptions
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System : DisableRegistryTools
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHDRVX86
Deleted : HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_BHDRVX86
=================
Internet Explorer
=================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

===============
Security Center
===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)

========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Bonjour,

Aprés le long scan hier soir de kill em (voir le rapport ci dessus),j'ai tenté à nouveau ZHP Diag ce matin.
mais apres copié/collé des lignes et ok -tous- nettoyer,le PC plante (écran bleu avec inscriptions blanches signalant qu'il y a un problème avec le fichier "catchme",obligé de redémarrer.

Voilà ou j'en suis.
Merci.

Bonjour" Moment de grâce",

je vais faire Combofix aujourd'hui.

Qu'entends- tu par désactiver antispyware(je n'ai que spybot et cc cleaner, en sont ils ?mais je crois qu'ils n'agissent pas en direct).

Qu'a donné le scan précédent de kill'em ?a-t-il résolu des problèmes ?

Suis-je sur la bonne voie ou y-a-t-il des problèmes importants et difficiles à régler.

Merci de ta patience et de ton aide.

Bonne journée.

Re bonjour,
Voici le rapport ComboFix:
ComboFix 10-06-03.01 - Papa 05/06/2010 14:40:27.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.344 [GMT 2:00]
Lancé depuis: d:\documents and settings\Papa\Bureau\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Fonts\unins000.exe
c:\windows\system32\raFSyamf.dll
d:\documents and settings\Papa\Application Data\07C07881B73964FADA66322D3571BB07
d:\documents and settings\Papa\Application Data\07C07881B73964FADA66322D3571BB07\enemies-names.txt

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-05-05 au 2010-06-05 ))))))))))))))))))))))))))))))))))))
.

2010-06-03 22:13 . 2010-06-03 22:13 309760 ----a-w- c:\windows\system32\rbkcdqjf.dll
2010-06-03 10:53 . 2010-06-03 21:25 -------- d-----w- c:\program files\List_Kill'em
2010-06-02 17:02 . 2010-06-04 06:48 -------- d-----w- c:\program files\ZHPDiag
2010-05-31 10:18 . 2010-05-31 10:18 -------- d-----w- d:\documents and settings\Papa\Application Data\Street-Ads
2010-05-31 10:18 . 2010-05-31 10:18 -------- d-----w- d:\documents and settings\Papa\Application Data\Sky-Banners
2010-05-31 10:18 . 2010-05-31 10:18 50981 ----a-w- c:\windows\system32\dbuwrhfolodm.exe
2010-05-31 10:18 . 2010-05-31 10:18 -------- d-----w- c:\program files\$NtUninstallWTF1012$
2010-05-24 16:31 . 2010-05-24 16:31 40633 ----a-w- c:\windows\system32\nhhcuetp.exe
2010-05-22 15:56 . 2010-05-22 15:56 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2010-05-16 13:00 . 2010-05-16 13:00 -------- d-----w- d:\documents and settings\Papa\Local Settings\Application Data\Symantec
2010-05-15 14:10 . 2010-05-15 14:10 -------- d-----w- c:\program files\Trend Micro
2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- d:\documents and settings\Papa\Application Data\Malwarebytes
2010-05-15 12:34 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-15 12:34 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-07 15:44 . 2010-05-07 15:44 -------- d-----w- d:\documents and settings\All Users\Application Data\F-Secure

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-05 08:24 . 2009-02-10 16:36 1 ----a-w- d:\documents and settings\Papa\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-05 08:21 . 2004-08-16 15:41 85154 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-05 08:21 . 2004-08-16 15:41 511538 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-05 08:18 . 2008-12-21 13:08 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 21:26 . 2007-01-25 15:56 210984 ----a-w- d:\documents and settings\Papa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-03 10:28 . 2008-06-07 16:37 -------- d-----w- c:\program files\Windows Live
2010-06-03 10:26 . 2008-01-14 18:22 -------- d-----w- c:\program files\Sony
2010-06-01 11:10 . 2006-04-11 18:52 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-01 06:53 . 2008-10-04 16:13 -------- d-----w- d:\documents and settings\All Users\Application Data\CanonIJPLM
2010-05-30 16:38 . 2008-12-07 13:43 -------- d-----w- d:\documents and settings\Papa\Application Data\gtk-2.0
2010-05-26 18:25 . 2006-07-23 09:02 -------- d-----w- c:\program files\CCleaner
2010-05-15 12:29 . 2006-05-09 14:03 -------- d-----w- c:\program files\Lavasoft
2010-05-03 17:34 . 2010-05-03 17:33 -------- d-----w- d:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-03 17:34 . 2009-12-17 08:55 -------- d-----w- c:\program files\iTunes
2010-05-03 17:34 . 2010-05-03 17:34 -------- d-----w- c:\program files\iPod
2010-05-03 17:33 . 2008-12-13 13:08 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-05-03 17:29 . 2008-12-13 13:08 -------- d-----w- c:\program files\QuickTime
2010-05-03 17:23 . 2010-05-03 17:23 -------- d-----w- c:\program files\Bonjour
2010-05-03 17:19 . 2010-05-03 17:19 73000 ----a-w- d:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-30 10:27 . 2010-03-30 12:16 1109 ----a-w- d:\documents and settings\Papa\Application Data\Genie-Soft\GBMLite8Lacie\Jobs\sauvegarde mars 2010\00000000\maindata.sys
2010-03-10 06:16 . 2004-08-16 15:41 420352 ----a-w- c:\windows\system32\vbscript.dll
2007-01-23 18:02 . 2007-01-23 18:02 1150 ----a-w- c:\program files\wallpaperenable.reg
2006-03-04 15:46 . 2006-01-29 16:25 560 ----a-w- c:\program files\Global.sw
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{527B218C-EFBF-4C90-8F5F-B572A0CE2697}]
2010-06-03 22:13 309760 ----a-w- c:\windows\system32\rbkcdqjf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-12 136600]
"Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-27 180269]
"BOOT"="c:\program files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 476160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CamserviceDP"="c:\program files\Hercules\DualPix Exchange\Camservice.exe" [2007-08-10 81920]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-11-19 128352]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 94208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2010-01-03 3788800]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"MChk"="c:\windows\system32\nhhcuetp.exe" [2010-05-24 40633]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-23 593920]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2009-2-13 1261568]
OFFICE One Clock v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2006-12-9 257536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OFFICE One Notes v6.5.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\OFFICE One Notes v6.5.lnk
backup=c:\windows\pss\OFFICE One Notes v6.5.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Papa^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]
path=d:\documents and settings\Papa\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk
backup=c:\windows\pss\Club Internet.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Papa^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
path=d:\documents and settings\Papa\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OoPDFSettingsv6.exe]
2003-11-20 09:38 460800 ----a-w- c:\program files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.0\\aol.exe"=
"c:\\APPS\\Inventime\\my.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\APPS\\Powercinema\\PowerCinema.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Hercules\\DualPix Exchange\\Station2.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Canon\\Canon IJ Network Scan Utility\\CNMNSUT.EXE"=
"c:\\Program Files\\Canon\\Canon IJ Network Tool\\CNMNPUT.EXE"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6901:TCP"= 6901:TCP:video msn mesenger
"1863:TCP"= 1863:TCP:dialogues msn messenger

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [03/02/2010 18:11 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [03/02/2010 18:11 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [03/02/2010 18:11 482432]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [03/01/2010 14:21 7936]
R1 IDSxpx86;IDSxpx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100528.003\IDSXpx86.sys [28/05/2010 21:33 331640]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23/05/2009 17:47 3712]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [03/02/2010 18:11 117640]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [27/10/2005 13:18 710144]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/06/2009 09:39 102448]
R3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [08/02/2009 22:42 99968]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [13/02/2009 20:21 272128]
S2 gupdate1c9d705ec2397f6;Service Google Update (gupdate1c9d705ec2397f6);c:\program files\Google\Update\GoogleUpdate.exe [17/05/2009 17:40 133104]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [26/05/2008 12:31 94208]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\fnettboh.sys [03/01/2010 14:21 23680]
S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\cesg502.sys [24/09/2009 10:24 40672]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
.
Contenu du dossier 'Tâches planifiées'

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 15:40]

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 15:40]

2010-06-05 c:\windows\Tasks\User_Feed_Synchronization-{98D8E7A5-E43E-47EE-935D-B17F9A489FDD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.sfr.fr/fr/adsl.jsp
uInternet Connection Wizard,ShellNext = hxxp://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=BM3
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: micosoft.com\v4.Windowsupdate
Trusted Zone: microsoft.com\Windowsupdate
Trusted Zone: Windowsupdate.com\Download
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - hxxp://www.m6video.fr/1click/install/files/installer2.cab
DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} - hxxp://www.mypixmania.com/importer/MypixUploader.cab
DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{75CDAD94-467E-4D15-BB9E-EEBFCF865897} - c:\windows\system32\rafsyamf.dll
HKLM-Run-StandardInstall - (no file)
HKLM-Run-skb - rafsyamf.dll
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-05 14:48
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:10,11,b5,a9,c1,c7,3e,76,b9,87,43,6c,ff,e9,62,79,fd,00,2f,d3,d2,6a,25,
b6,31,a1,2e,1f,b3,a0,0b,7f,28,8b,54,10,bf,83,3d,86,d0,9e,72,6e,76,dc,7d,7c,\
"??"=hex:95,3e,db,68,06,10,31,3b,48,55,83,2c,0c,8a,a4,c8

[HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"Percents"="0 0.1247 0.3475 0.4589 0.5756 0.7745 0.7798 "
"Increment"=".011494"
"FRT"="S7scj3oKaZQnWbQe3V6SfWiALMaTBcNS49K7tndsZLe39mbZ+KBZHw=="
"PLCK"="oqLN6wP3BZUxh2dxb3pNGB/pvztxErHt"
"PHSH"=""
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1152)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2010-06-05 14:52:38
ComboFix-quarantined-files.txt 2010-06-05 12:52

Avant-CF: 13 158 604 800 octets libres
Après-CF: 13 333 561 344 octets libres

- - End Of File - - AA481E6B08B34083EDAD5A665C7ABB36

Srpski | ?????????? | ??????? | Suomi | ihMdI | | ????? | | Slovens?ina | Dansk | ??????? | Român? | Türkçe | Nederlands | ???????? | Svenska | Português | Italiano | | | Magyar | Deutsch | ?esky | Polski | Español | English
Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations...

Fichier rbkcdqjf.dll reçu le 2010.06.05 14:01:08 (UTC)
Situation actuelle: terminé

Résultat: 3/41 (7.32%)
Formaté Impression des résultats Antivirus Version Dernière mise à jour Résultat
a-squared 5.0.0.26 2010.06.05 Trojan.Win32.BHO!IK
AhnLab-V3 2010.06.05.00 2010.06.04 -
AntiVir 8.2.2.6 2010.06.04 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.05 -
Avast 4.8.1351.0 2010.06.05 -
Avast5 5.0.332.0 2010.06.05 -
AVG 9.0.0.787 2010.06.05 -
BitDefender 7.2 2010.06.05 -
CAT-QuickHeal 10.00 2010.06.05 -
ClamAV 0.96.0.3-git 2010.06.05 -
Comodo 4995 2010.06.05 -
DrWeb 5.0.2.03300 2010.06.05 -
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.04 -
F-Secure 9.0.15370.0 2010.06.05 -
Fortinet 4.1.133.0 2010.06.05 -
GData 21 2010.06.05 -
Ikarus T3.1.1.84.0 2010.06.05 Trojan.Win32.BHO
Jiangmin 13.0.900 2010.06.05 -
Kaspersky 7.0.0.125 2010.06.05 -
McAfee 5.400.0.1158 2010.06.05 -
McAfee-GW-Edition 2010.1 2010.06.05 Heuristic.BehavesLike.Win32.Trojan.H
Microsoft 1.5802 2010.06.05 -
NOD32 5174 2010.06.05 -
Norman 6.04.12 2010.06.05 -
nProtect 2010-06-05.01 2010.06.05 -
Panda 10.0.2.7 2010.06.05 -
PCTools 7.0.3.5 2010.06.05 -
Prevx 3.0 2010.06.05 -
Rising 22.50.05.03 2010.06.05 -
Sophos 4.53.0 2010.06.05 -
Sunbelt 6409 2010.06.05 -
Symantec 20101.1.0.89 2010.06.05 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.05 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.05 -
VBA32 3.12.12.5 2010.06.04 -
ViRobot 2010.6.5.2339 2010.06.05 -
VirusBuster 5.0.27.0 2010.06.04 -
Information additionnelle
File size: 309760 bytes
MD5 : 881328ecad1933b991b3444fbe9e83e5
SHA1 : 47581556f37d1395b36fbf7610f557338d48ca0f
SHA256: be5a54f81697181c7bd2aa982a080a90adccd5e0384a253e76c0a194967d487e
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x28CE6
timedatestamp.....: 0x4C082911 (Fri Jun 4 00:13:37 2010)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x35896 0x35A00 6.55 f40e246769e6299cb2d7db103a038f6f
.rdata 0x37000 0xAD62 0xAE00 4.72 1c2b018c91a34b146a25e407afff0616
.data 0x42000 0x6468 0x4800 6.26 74f77f5830b8f18aca6e378b9660a2ec
.rsrc 0x49000 0x990 0xA00 3.37 eebbe9ca4cb1fca432c6c3c3e6c8b193
.reloc 0x4A000 0x5AFA 0x5C00 4.92 cac33d99ce4f3f2dcb7e13d8075ec6c6

( 7 imports )

> advapi32.dll: RegQueryInfoKeyA, RegQueryValueExA, RegEnumKeyExA, RegSetValueExA, RegOpenKeyExA, RegCreateKeyExA, RegCloseKey, RegDeleteKeyA
> gdiplus.dll: GdiplusShutdown
> kernel32.dll: InitializeCriticalSection, DeleteCriticalSection, SizeofResource, LockResource, LoadResource, FindResourceA, FindResourceExA, lstrlenA, lstrcmpiA, lstrlenW, lstrcpyA, GetModuleHandleA, GetModuleFileNameA, LeaveCriticalSection, InterlockedIncrement, EnterCriticalSection, InterlockedDecrement, lstrcpynA, IsDBCSLeadByte, Sleep, GetTickCount, lstrcatA, HeapFree, GetProcessHeap, FlushInstructionCache, GetCurrentProcess, HeapAlloc, GetCurrentThreadId, CompareStringA, CompareStringW, GetEnvironmentVariableA, CloseHandle, GetLastError, ResumeThread, WaitForSingleObject, CreateThread, SetEnvironmentVariableA, FreeLibrary, GetProcAddress, LoadLibraryA, CreateFileA, CreateDirectoryA, ReleaseMutex, SetEvent, ResetEvent, CreateMutexA, CreateEventA, GlobalUnlock, GlobalLock, GlobalAlloc, MulDiv, lstrcmpA, FileTimeToSystemTime, FileTimeToLocalFileTime, WriteFile, GetFileTime, GetVolumeInformationA, RaiseException, WideCharToMultiByte, MultiByteToWideChar, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP, GetStartupInfoA, InterlockedExchange, GetFileType, GetStdHandle, SetHandleCount, TerminateProcess, SetUnhandledExceptionFilter, GetCurrentProcessId, QueryPerformanceCounter, IsBadWritePtr, VirtualFree, HeapCreate, TlsGetValue, TlsSetValue, TlsFree, SetLastError, TlsAlloc, GetCPInfo, GetOEMCP, GetDateFormatA, GetTimeFormatA, IsBadReadPtr, GetCommandLineA, GetSystemTimeAsFileTime, VirtualQuery, GetSystemInfo, VirtualAlloc, VirtualProtect, RtlUnwind, FlushFileBuffers, SetStdHandle, SetFilePointer, IsBadCodePtr, GetStringTypeW, GetStringTypeA, GetTimeZoneInformation, LCMapStringW, LCMapStringA, UnhandledExceptionFilter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, ExitProcess, HeapSize, HeapReAlloc, LocalAlloc, LocalFree, HeapDestroy
> msimg32.dll: TransparentBlt, AlphaBlend
> oleaut32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> shell32.dll: -, SHGetFileInfoA, SHGetSpecialFolderPathA
> shlwapi.dll: SHCopyKeyA, StrToIntA, PathFindExtensionA, StrCmpNA

( 1 exports )

> DllCanUnloadNow, DllGetClassObject, DllMain, DllRegisterServer, DllUnregisterServer
TrID : File type identification
Windows OCX File (46.2%)
Win64 Executable Generic (32.0%)
Win32 Executable MS Visual C++ (generic) (14.1%)
Win32 Executable Generic (3.1%)
Win32 Dynamic Link Library (generic) (2.8%)
Symantec reputation: Suspicious.Insight https://www.broadcom.com/support/security-center
ssdeep: 6144:1H4cRZQZqCzVa3pSOiosLDY3JwMBmWSGjX:pLRZ+qCx6gDY3JfmW
sigcheck: publisher....: n/a
copyright....: All rights reserved.
product......:
description..:
original name: n/a
internal name: n/a
file version.: 1.8.5.0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEiD : -
RDS : NSRL Reference Data Set
-


ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.

VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com - Terms of Service & Privacy Policy

ComboFix 10-06-03.01 - Papa 06/06/2010 11:13:03.2.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.404 [GMT 2:00]
Lancé depuis: d:\documents and settings\Papa\Bureau\ComboFix.exe
Commutateurs utilisés :: d:\documents and settings\Papa\Bureau\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\windows\system32\dbuwrhfolodm.exe"
"c:\windows\system32\nhhcuetp.exe"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dbuwrhfolodm.exe
c:\windows\system32\nhhcuetp.exe
c:\windows\system32\raFSyamf.dll
d:\documents and settings\Papa\Application Data\Sky-Banners
d:\documents and settings\Papa\Application Data\Sky-Banners\skb\log.xml
d:\documents and settings\Papa\Application Data\Street-Ads

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-05-06 au 2010-06-06 ))))))))))))))))))))))))))))))))))))
.

2010-06-03 22:13 . 2010-06-03 22:13 309760 ----a-w- c:\windows\system32\rbkcdqjf.dll
2010-06-03 10:53 . 2010-06-03 21:25 -------- d-----w- c:\program files\List_Kill'em
2010-06-02 17:02 . 2010-06-04 06:48 -------- d-----w- c:\program files\ZHPDiag
2010-05-31 10:18 . 2010-05-31 10:18 -------- d-----w- c:\program files\$NtUninstallWTF1012$
2010-05-22 15:56 . 2010-05-22 15:56 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2010-05-16 13:00 . 2010-05-16 13:00 -------- d-----w- d:\documents and settings\Papa\Local Settings\Application Data\Symantec
2010-05-15 14:10 . 2010-05-15 14:10 -------- d-----w- c:\program files\Trend Micro
2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- d:\documents and settings\Papa\Application Data\Malwarebytes
2010-05-15 12:34 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-15 12:34 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-07 15:44 . 2010-05-07 15:44 -------- d-----w- d:\documents and settings\All Users\Application Data\F-Secure

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 09:25 . 2004-08-16 15:41 85154 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-06 09:25 . 2004-08-16 15:41 511538 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-05 17:58 . 2006-04-11 18:52 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-05 08:24 . 2009-02-10 16:36 1 ----a-w- d:\documents and settings\Papa\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-05 08:18 . 2008-12-21 13:08 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 21:26 . 2007-01-25 15:56 210984 ----a-w- d:\documents and settings\Papa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-03 10:28 . 2008-06-07 16:37 -------- d-----w- c:\program files\Windows Live
2010-06-03 10:26 . 2008-01-14 18:22 -------- d-----w- c:\program files\Sony
2010-06-01 06:53 . 2008-10-04 16:13 -------- d-----w- d:\documents and settings\All Users\Application Data\CanonIJPLM
2010-05-30 16:38 . 2008-12-07 13:43 -------- d-----w- d:\documents and settings\Papa\Application Data\gtk-2.0
2010-05-26 18:25 . 2006-07-23 09:02 -------- d-----w- c:\program files\CCleaner
2010-05-15 12:29 . 2006-05-09 14:03 -------- d-----w- c:\program files\Lavasoft
2010-05-03 17:34 . 2010-05-03 17:33 -------- d-----w- d:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-03 17:34 . 2009-12-17 08:55 -------- d-----w- c:\program files\iTunes
2010-05-03 17:34 . 2010-05-03 17:34 -------- d-----w- c:\program files\iPod
2010-05-03 17:33 . 2008-12-13 13:08 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-05-03 17:29 . 2008-12-13 13:08 -------- d-----w- c:\program files\QuickTime
2010-05-03 17:23 . 2010-05-03 17:23 -------- d-----w- c:\program files\Bonjour
2010-05-03 17:19 . 2010-05-03 17:19 73000 ----a-w- d:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-30 10:27 . 2010-03-30 12:16 1109 ----a-w- d:\documents and settings\Papa\Application Data\Genie-Soft\GBMLite8Lacie\Jobs\sauvegarde mars 2010\00000000\maindata.sys
2010-03-10 06:16 . 2004-08-16 15:41 420352 ----a-w- c:\windows\system32\vbscript.dll
2007-01-23 18:02 . 2007-01-23 18:02 1150 ----a-w- c:\program files\wallpaperenable.reg
2006-03-04 15:46 . 2006-01-29 16:25 560 ----a-w- c:\program files\Global.sw
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{527B218C-EFBF-4C90-8F5F-B572A0CE2697}]
2010-06-03 22:13 309760 ----a-w- c:\windows\system32\rbkcdqjf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-12 136600]
"Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-27 180269]
"BOOT"="c:\program files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 476160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CamserviceDP"="c:\program files\Hercules\DualPix Exchange\Camservice.exe" [2007-08-10 81920]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-11-19 128352]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 94208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2010-01-03 3788800]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"skb"="rafsyamf.dll" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-23 593920]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2009-2-13 1261568]
OFFICE One Clock v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2006-12-9 257536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OFFICE One Notes v6.5.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\OFFICE One Notes v6.5.lnk
backup=c:\windows\pss\OFFICE One Notes v6.5.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Papa^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]
path=d:\documents and settings\Papa\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk
backup=c:\windows\pss\Club Internet.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Papa^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
path=d:\documents and settings\Papa\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OoPDFSettingsv6.exe]
2003-11-20 09:38 460800 ----a-w- c:\program files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.0\\aol.exe"=
"c:\\APPS\\Inventime\\my.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\APPS\\Powercinema\\PowerCinema.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Hercules\\DualPix Exchange\\Station2.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Canon\\Canon IJ Network Scan Utility\\CNMNSUT.EXE"=
"c:\\Program Files\\Canon\\Canon IJ Network Tool\\CNMNPUT.EXE"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6901:TCP"= 6901:TCP:video msn mesenger
"1863:TCP"= 1863:TCP:dialogues msn messenger

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [03/02/2010 18:11 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [03/02/2010 18:11 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [03/02/2010 18:11 482432]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [03/01/2010 14:21 7936]
R1 IDSxpx86;IDSxpx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100528.003\IDSXpx86.sys [28/05/2010 21:33 331640]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23/05/2009 17:47 3712]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [03/02/2010 18:11 117640]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [27/10/2005 13:18 710144]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/06/2009 09:39 102448]
R3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [08/02/2009 22:42 99968]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [13/02/2009 20:21 272128]
S2 gupdate1c9d705ec2397f6;Service Google Update (gupdate1c9d705ec2397f6);c:\program files\Google\Update\GoogleUpdate.exe [17/05/2009 17:40 133104]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [26/05/2008 12:31 94208]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\fnettboh.sys [03/01/2010 14:21 23680]
S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\cesg502.sys [24/09/2009 10:24 40672]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
.
Contenu du dossier 'Tâches planifiées'

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 15:40]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 15:40]

2010-06-06 c:\windows\Tasks\User_Feed_Synchronization-{98D8E7A5-E43E-47EE-935D-B17F9A489FDD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.sfr.fr/fr/adsl.jsp
uInternet Connection Wizard,ShellNext = hxxp://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=BM3
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: micosoft.com\v4.Windowsupdate
Trusted Zone: microsoft.com\Windowsupdate
Trusted Zone: Windowsupdate.com\Download
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - hxxp://www.m6video.fr/1click/install/files/installer2.cab
DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} - hxxp://www.mypixmania.com/importer/MypixUploader.cab
DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{83861E3D-6FC3-4E6C-94E1-CC81502DD171} - c:\windows\system32\rafsyamf.dll
HKLM-Run-MChk - c:\windows\system32\nhhcuetp.exe
AddRemove-Language pack for Ad-Aware SE - c:\progra~1\Lavasoft\AD-AWA~2\Plugins\Langs\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-06 11:24
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:10,11,b5,a9,c1,c7,3e,76,b9,87,43,6c,ff,e9,62,79,fd,00,2f,d3,d2,6a,25,
b6,31,a1,2e,1f,b3,a0,0b,7f,28,8b,54,10,bf,83,3d,86,d0,9e,72,6e,76,dc,7d,7c,\
"??"=hex:95,3e,db,68,06,10,31,3b,48,55,83,2c,0c,8a,a4,c8

[HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"Percents"="0 0.1247 0.3475 0.4589 0.5756 0.7745 0.7798 "
"Increment"=".011494"
"FRT"="S7scj3oKaZQnWbQe3V6SfWiALMaTBcNS49K7tndsZLe39mbZ+KBZHw=="
"PLCK"="oqLN6wP3BZUxh2dxb3pNGB/pvztxErHt"
"PHSH"=""
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1140)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2544)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\windows\RTHDCPL.EXE
c:\apps\ABoard\AOSD.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\system32\rundll32.exe
c:\program files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2010-06-06 11:31:52 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-06-06 09:31
ComboFix2.txt 2010-06-05 12:52

Avant-CF: 13 344 337 920 octets libres
Après-CF: 13 307 375 616 octets libres

- - End Of File - - 7D8B3B2B62B3060D0BE7CB48F448E454

http://www.cijoint.fr/cjlink.php?file=cj201006/cijzjzVHBL.txt

Bonsoir,

Voilà le rapport yoog fix.
Merci.
Yoog_Fix 3.0.1 de Batch_Man | Papa (Administrateur)
Debut a 19:09 le 07/06/2010
Microsoft Windows XP Édition familiale(5.1.2600)

Intel(R) Pentium(R) 4 CPU 3.20GHz
Ram : 1023,5 Mo
Normal boot

Antivirus: Norton Internet Security 16.5.0.134 (Activated)
Pare-Feu: Norton Internet Security 16.5.0.134 (Activated)
Lancé de "D:\Documents and Settings\Papa\Bureau\Yoog_Fix.bat"

C:\ [Fixed] - NTFS - (Total:30710 Mo/Free:405 Mo)
D:\ [Fixed] - NTFS - (Total:152068 Mo/Free:160 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)

Option [1] 2 3 Recherche / Suppression

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Suppression: Fichiers / Dossiers / Clés / Prefs Firefox]


------------[Suspects]

Aucun fichier suspect trouvé


»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Recherche: Analyse de Firefox]


------------[Analyse de Firefox]


Firefox non installé


»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Recherche: Analyse d'Internet explorer / Registre ]

Internet Explorer : 8.0.6001.18702

L1 = HKLM\..\Main.Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
L1 = HKLM\..\Main.Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
L1 = HKCU\..\Main.Start Page = https://www.sfr.fr/
L1 = HKCU\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\.DEFAULT\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
L1 = HKU\.DEFAULT\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-19\..\Main.Start Page = https://www.broadcom.com/support/security-center
L1 = HKU\S-1-5-19\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-19\..\Main.Search Bar = http://www.bing.com/spresults.aspx
L1 = HKU\S-1-5-19\..\Main.Window Title = Packard Bell
L1 = HKU\S-1-5-20\..\Main.Start Page = https://www.broadcom.com/support/security-center
L1 = HKU\S-1-5-20\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-20\..\Main.Search Bar = http://www.bing.com/spresults.aspx
L1 = HKU\S-1-5-20\..\Main.Window Title = Packard Bell
L1 = HKU\S-1-5-21-646265780-4222595010-3655448000-1010\..\Main.Start Page = https://www.sfr.fr/
L1 = HKU\S-1-5-21-646265780-4222595010-3655448000-1010\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-18\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
L1 = HKU\S-1-5-18\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKLM\..\Main.Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
L1 = HKLM\..\Main.Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
L1 = HKLM\..\Search.Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
L1 = HKLM\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
L1 = HKLM\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
L1 = HKCU\..\Toolbar.LinksFolderName = Liens
L1 = HKU\S-1-5-19\..\Toolbar.LinksFolderName = Liens
L1 = HKU\S-1-5-20\..\Toolbar.LinksFolderName = Liens
L1 = HKU\S-1-5-21-646265780-4222595010-3655448000-1010\..\Toolbar.LinksFolderName = Liens
L1 = HKU\S-1-5-19\..\Main.First Home Page= file://C:\APPS\IE\offline\fr.htm
L1 = HKU\S-1-5-20\..\Main.First Home Page= file://C:\APPS\IE\offline\fr.htm
L2 = HKCU\..\Internet Settings.ProxyOverride = *.local
L2 = HKCU\..\Internet Connection Wizard.ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=BM3

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet =
NavigationFailure = res://ieframe.dll/navcancl.htm
DesktopItemNavigationFailure = res://ieframe.dll/navcancl.htm
NavigationCanceled = res://ieframe.dll/navcancl.htm
OfflineInformation = res://ieframe.dll/offcancl.htm
Home = 0x10e
blank = res://mshtml.dll/blank.htm
PostNotCached = res://ieframe.dll/repost.htm
InPrivate = res://ieframe.dll/inprivate.htm
NoAdd-ons = res://ieframe.dll/noaddon.htm
NoAdd-onsInfo = res://ieframe.dll/noaddoninfo.htm
SecurityRisk = res://ieframe.dll/securityatrisk.htm
Tabs = res://ieframe.dll/tabswelcome.htm

--------[Browser Helper Object]

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3},@SANS NOM=3.0
BHO: {527B218C-EFBF-4C90-8F5F-B572A0CE2697},@SANS NOM=3.0
BHO: {527B218C-EFBF-4C90-8F5F-B572A0CE2697},@SANS NOM=Street-Ads Browser Enhancer rbkcdqjf
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408},@SANS NOM=3.0
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408},@SANS NOM=Symantec NCO BHO
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C},@SANS NOM=3.0
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C},@SANS NOM=Symantec Intrusion Prevention
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B},@SANS NOM=3.0
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B},@SANS NOM=Search Helper
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43},@SANS NOM=3.0
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6},@SANS NOM=3.0
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7},@SANS NOM=3.0
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D},@SANS NOM=3.0
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9},@SANS NOM=3.0
BHO: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10},@SANS NOM=3.0
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C},@SANS NOM=3.0
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C},@SANS NOM=JQSIEStartDetectorImpl

--------[SearchScopes]

[HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\..\SearchScopes],@DefaultScope={AE69D59E-F0DF-4671-8EAF-8D7732A4FBAA}
[HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\..\SearchScopes\{AE69D59E-F0DF-4671-8EAF-8D7732A4FBAA}],@DisplayName=Google
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={AE69D59E-F0DF-4671-8EAF-8D7732A4FBAA}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={6A1806CD-94D4-4689-BA73-E35EA1EA9990}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}],@DisplayName=@ieframe.dll,-12512
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}],@DisplayName=Google
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AE69D59E-F0DF-4671-8EAF-8D7732A4FBAA}],@DisplayName=Google

--------[Extensions]

@xpsp3res.dll,-20001: %windir%\Network Diagnostic\xpnetdiag.exe - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
Windows Messenger: C:\Program Files\Messenger\msmsgs.exe - {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}

--------[Clé Run]


------------[Autres infections]




»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Autres rapports]


[07/06/2010 19:13] C:\Yoog_Fix\Logs\Rapport_07_06_2010_n1.txt - (Choix 1 : Recherche / Suppression)

-------------------------->>

Veuillez uploader le fichier C:\Yoog_Fix\Backups\Backup_07_06_2010_1.zip à l'adresse suivante : http://batchdhelus.open-web.fr/upload
Aide en images : http://batchdhelus.open-web.fr/upload/procedure.html

Si la procédure échoue, veuillez l'envoyer à l'adresse email suivante : yoog.fix.sav@gmail.com


+--------------[Fin à 19h 13min]

Comme les autres fois plantage du pc au moment de nettoyer avec ZHP Fix
Message "uninstall this wizard "smart"" yes or no .Que je tape yes or no ,le pc plante .???

ComboFix 10-06-03.01 - Papa 07/06/2010 21:26:19.3.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.422 [GMT 2:00]
Lancé depuis: d:\documents and settings\Papa\Bureau\ComboFix.exe
Commutateurs utilisés :: d:\documents and settings\Papa\Bureau\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\windows\system32\dbuwrhfolodm.exe"
"c:\windows\system32\nhhcuetp.exe"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\Papa\Application Data\Street-Ads

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-05-07 au 2010-06-07 ))))))))))))))))))))))))))))))))))))
.

2010-06-07 17:09 . 2010-06-07 17:09 -------- d-----w- C:\Yoog_Fix
2010-06-03 22:13 . 2010-06-03 22:13 309760 ----a-w- c:\windows\system32\rbkcdqjf.dll
2010-06-03 10:53 . 2010-06-03 21:25 -------- d-----w- c:\program files\List_Kill'em
2010-06-02 17:02 . 2010-06-07 18:34 -------- d-----w- c:\program files\ZHPDiag
2010-05-31 10:18 . 2010-05-31 10:18 -------- d-----w- c:\program files\$NtUninstallWTF1012$
2010-05-22 15:56 . 2010-05-22 15:56 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2010-05-16 13:00 . 2010-05-16 13:00 -------- d-----w- d:\documents and settings\Papa\Local Settings\Application Data\Symantec
2010-05-15 14:10 . 2010-05-15 14:10 -------- d-----w- c:\program files\Trend Micro
2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- d:\documents and settings\Papa\Application Data\Malwarebytes
2010-05-15 12:34 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-15 12:34 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-07 19:38 . 2004-08-16 15:41 85154 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-07 19:38 . 2004-08-16 15:41 511538 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-06 16:12 . 2006-04-11 18:52 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-06 13:32 . 2009-02-10 16:36 1 ----a-w- d:\documents and settings\Papa\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-05 08:18 . 2008-12-21 13:08 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 21:26 . 2007-01-25 15:56 210984 ----a-w- d:\documents and settings\Papa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-03 10:28 . 2008-06-07 16:37 -------- d-----w- c:\program files\Windows Live
2010-06-03 10:26 . 2008-01-14 18:22 -------- d-----w- c:\program files\Sony
2010-06-01 06:53 . 2008-10-04 16:13 -------- d-----w- d:\documents and settings\All Users\Application Data\CanonIJPLM
2010-05-30 16:38 . 2008-12-07 13:43 -------- d-----w- d:\documents and settings\Papa\Application Data\gtk-2.0
2010-05-26 18:25 . 2006-07-23 09:02 -------- d-----w- c:\program files\CCleaner
2010-05-15 12:29 . 2006-05-09 14:03 -------- d-----w- c:\program files\Lavasoft
2010-05-07 15:44 . 2010-05-07 15:44 -------- d-----w- d:\documents and settings\All Users\Application Data\F-Secure
2010-05-03 17:34 . 2010-05-03 17:33 -------- d-----w- d:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-03 17:34 . 2009-12-17 08:55 -------- d-----w- c:\program files\iTunes
2010-05-03 17:34 . 2010-05-03 17:34 -------- d-----w- c:\program files\iPod
2010-05-03 17:33 . 2008-12-13 13:08 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-05-03 17:29 . 2008-12-13 13:08 -------- d-----w- c:\program files\QuickTime
2010-05-03 17:23 . 2010-05-03 17:23 -------- d-----w- c:\program files\Bonjour
2010-05-03 17:19 . 2010-05-03 17:19 73000 ----a-w- d:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-30 10:27 . 2010-03-30 12:16 1109 ----a-w- d:\documents and settings\Papa\Application Data\Genie-Soft\GBMLite8Lacie\Jobs\sauvegarde mars 2010\00000000\maindata.sys
2010-03-10 06:16 . 2004-08-16 15:41 420352 ----a-w- c:\windows\system32\vbscript.dll
2007-01-23 18:02 . 2007-01-23 18:02 1150 ----a-w- c:\program files\wallpaperenable.reg
2006-03-04 15:46 . 2006-01-29 16:25 560 ----a-w- c:\program files\Global.sw
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{527B218C-EFBF-4C90-8F5F-B572A0CE2697}]
2010-06-03 22:13 309760 ----a-w- c:\windows\system32\rbkcdqjf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-12 136600]
"Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-27 180269]
"BOOT"="c:\program files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 476160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CamserviceDP"="c:\program files\Hercules\DualPix Exchange\Camservice.exe" [2007-08-10 81920]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-11-19 128352]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 94208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2010-01-03 3788800]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"skb"="rafsyamf.dll" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-23 593920]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2009-2-13 1261568]
OFFICE One Clock v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2006-12-9 257536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OFFICE One Notes v6.5.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\OFFICE One Notes v6.5.lnk
backup=c:\windows\pss\OFFICE One Notes v6.5.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Papa^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]
path=d:\documents and settings\Papa\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk
backup=c:\windows\pss\Club Internet.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Papa^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
path=d:\documents and settings\Papa\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OoPDFSettingsv6.exe]
2003-11-20 09:38 460800 ----a-w- c:\program files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.0\\aol.exe"=
"c:\\APPS\\Inventime\\my.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\APPS\\Powercinema\\PowerCinema.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Hercules\\DualPix Exchange\\Station2.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Canon\\Canon IJ Network Scan Utility\\CNMNSUT.EXE"=
"c:\\Program Files\\Canon\\Canon IJ Network Tool\\CNMNPUT.EXE"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6901:TCP"= 6901:TCP:video msn mesenger
"1863:TCP"= 1863:TCP:dialogues msn messenger

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [03/02/2010 18:11 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [03/02/2010 18:11 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [03/02/2010 18:11 482432]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [03/01/2010 14:21 7936]
R1 IDSxpx86;IDSxpx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100528.003\IDSXpx86.sys [28/05/2010 21:33 331640]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23/05/2009 17:47 3712]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [03/02/2010 18:11 117640]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [27/10/2005 13:18 710144]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/06/2009 09:39 102448]
R3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [08/02/2009 22:42 99968]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [13/02/2009 20:21 272128]
S2 gupdate1c9d705ec2397f6;Service Google Update (gupdate1c9d705ec2397f6);c:\program files\Google\Update\GoogleUpdate.exe [17/05/2009 17:40 133104]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [26/05/2008 12:31 94208]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\d:\docume~1\Papa\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> d:\docume~1\Papa\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\fnettboh.sys [03/01/2010 14:21 23680]
S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\cesg502.sys [24/09/2009 10:24 40672]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
.
Contenu du dossier 'Tâches planifiées'

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 15:40]

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 15:40]

2010-06-07 c:\windows\Tasks\User_Feed_Synchronization-{98D8E7A5-E43E-47EE-935D-B17F9A489FDD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.sfr.fr/fr/adsl.jsp
uInternet Connection Wizard,ShellNext = hxxp://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=BM3
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: micosoft.com\v4.Windowsupdate
Trusted Zone: microsoft.com\Windowsupdate
Trusted Zone: Windowsupdate.com\Download
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - hxxp://www.m6video.fr/1click/install/files/installer2.cab
DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} - hxxp://www.mypixmania.com/importer/MypixUploader.cab
DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-07 21:37
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:10,11,b5,a9,c1,c7,3e,76,b9,87,43,6c,ff,e9,62,79,fd,00,2f,d3,d2,6a,25,
b6,31,a1,2e,1f,b3,a0,0b,7f,28,8b,54,10,bf,83,3d,86,d0,9e,72,6e,76,dc,7d,7c,\
"??"=hex:95,3e,db,68,06,10,31,3b,48,55,83,2c,0c,8a,a4,c8

[HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"Percents"="0 0.1247 0.3475 0.4589 0.5756 0.7745 0.7798 "
"Increment"=".011494"
"FRT"="S7scj3oKaZQnWbQe3V6SfWiALMaTBcNS49K7tndsZLe39mbZ+KBZHw=="
"PLCK"="oqLN6wP3BZUxh2dxb3pNGB/pvztxErHt"
"PHSH"=""
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1140)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2528)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\apps\ABoard\AOSD.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2010-06-07 21:45:28 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-06-07 19:45
ComboFix2.txt 2010-06-06 09:31
ComboFix3.txt 2010-06-05 12:52

Avant-CF: 13 253 554 176 octets libres
Après-CF: 13 231 243 264 octets libres

- - End Of File - - 20833367611BBB834F7B58AA86DA0873

Bonjour,

Oui,pourquoi ?

ou le rapport n'est pas le bon
ou la manip a échoué

donc

poster le bon rapport
ou refaire la manip

OK, en fin d'après-midi.
Merci.

ComboFix 10-06-03.01 - Papa 08/06/2010 16:34:15.4.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.434 [GMT 2:00]
Lancé depuis: d:\documents and settings\Papa\Bureau\ComboFix.exe
Commutateurs utilisés :: d:\documents and settings\Papa\Bureau\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\windows\system32\rbkcdqjf.dll"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\rbkcdqjf.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-05-08 au 2010-06-08 ))))))))))))))))))))))))))))))))))))
.

2010-06-07 17:09 . 2010-06-07 17:09 -------- d-----w- C:\Yoog_Fix
2010-06-03 10:53 . 2010-06-03 21:25 -------- d-----w- c:\program files\List_Kill'em
2010-06-02 17:02 . 2010-06-07 18:34 -------- d-----w- c:\program files\ZHPDiag
2010-05-31 10:18 . 2010-05-31 10:18 -------- d-----w- c:\program files\$NtUninstallWTF1012$
2010-05-22 15:56 . 2010-05-22 15:56 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2010-05-16 13:00 . 2010-05-16 13:00 -------- d-----w- d:\documents and settings\Papa\Local Settings\Application Data\Symantec
2010-05-15 14:10 . 2010-05-15 14:10 -------- d-----w- c:\program files\Trend Micro
2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- d:\documents and settings\Papa\Application Data\Malwarebytes
2010-05-15 12:34 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-15 12:34 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-08 14:46 . 2004-08-16 15:41 85154 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-08 14:46 . 2004-08-16 15:41 511538 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-06 16:12 . 2006-04-11 18:52 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-06 13:32 . 2009-02-10 16:36 1 ----a-w- d:\documents and settings\Papa\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-05 08:18 . 2008-12-21 13:08 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 21:26 . 2007-01-25 15:56 210984 ----a-w- d:\documents and settings\Papa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-03 10:28 . 2008-06-07 16:37 -------- d-----w- c:\program files\Windows Live
2010-06-03 10:26 . 2008-01-14 18:22 -------- d-----w- c:\program files\Sony
2010-06-01 06:53 . 2008-10-04 16:13 -------- d-----w- d:\documents and settings\All Users\Application Data\CanonIJPLM
2010-05-30 16:38 . 2008-12-07 13:43 -------- d-----w- d:\documents and settings\Papa\Application Data\gtk-2.0
2010-05-26 18:25 . 2006-07-23 09:02 -------- d-----w- c:\program files\CCleaner
2010-05-15 12:29 . 2006-05-09 14:03 -------- d-----w- c:\program files\Lavasoft
2010-05-07 15:44 . 2010-05-07 15:44 -------- d-----w- d:\documents and settings\All Users\Application Data\F-Secure
2010-05-03 17:34 . 2010-05-03 17:33 -------- d-----w- d:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-03 17:34 . 2009-12-17 08:55 -------- d-----w- c:\program files\iTunes
2010-05-03 17:34 . 2010-05-03 17:34 -------- d-----w- c:\program files\iPod
2010-05-03 17:33 . 2008-12-13 13:08 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-05-03 17:29 . 2008-12-13 13:08 -------- d-----w- c:\program files\QuickTime
2010-05-03 17:23 . 2010-05-03 17:23 -------- d-----w- c:\program files\Bonjour
2010-05-03 17:19 . 2010-05-03 17:19 73000 ----a-w- d:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-30 10:27 . 2010-03-30 12:16 1109 ----a-w- d:\documents and settings\Papa\Application Data\Genie-Soft\GBMLite8Lacie\Jobs\sauvegarde mars 2010\00000000\maindata.sys
2007-01-23 18:02 . 2007-01-23 18:02 1150 ----a-w- c:\program files\wallpaperenable.reg
2006-03-04 15:46 . 2006-01-29 16:25 560 ----a-w- c:\program files\Global.sw
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-12 136600]
"Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-27 180269]
"BOOT"="c:\program files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 476160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CamserviceDP"="c:\program files\Hercules\DualPix Exchange\Camservice.exe" [2007-08-10 81920]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-11-19 128352]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 94208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2010-01-03 3788800]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"skb"="rafsyamf.dll" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-23 593920]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2009-2-13 1261568]
OFFICE One Clock v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2006-12-9 257536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OFFICE One Notes v6.5.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\OFFICE One Notes v6.5.lnk
backup=c:\windows\pss\OFFICE One Notes v6.5.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Papa^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]
path=d:\documents and settings\Papa\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk
backup=c:\windows\pss\Club Internet.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Papa^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
path=d:\documents and settings\Papa\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OoPDFSettingsv6.exe]
2003-11-20 09:38 460800 ----a-w- c:\program files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.0\\aol.exe"=
"c:\\APPS\\Inventime\\my.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\APPS\\Powercinema\\PowerCinema.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Hercules\\DualPix Exchange\\Station2.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Canon\\Canon IJ Network Scan Utility\\CNMNSUT.EXE"=
"c:\\Program Files\\Canon\\Canon IJ Network Tool\\CNMNPUT.EXE"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6901:TCP"= 6901:TCP:video msn mesenger
"1863:TCP"= 1863:TCP:dialogues msn messenger

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [03/02/2010 18:11 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [03/02/2010 18:11 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [03/02/2010 18:11 482432]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [03/01/2010 14:21 7936]
R1 IDSxpx86;IDSxpx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100528.003\IDSXpx86.sys [28/05/2010 21:33 331640]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23/05/2009 17:47 3712]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [03/02/2010 18:11 117640]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [27/10/2005 13:18 710144]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/06/2009 09:39 102448]
R3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [08/02/2009 22:42 99968]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [13/02/2009 20:21 272128]
S2 gupdate1c9d705ec2397f6;Service Google Update (gupdate1c9d705ec2397f6);c:\program files\Google\Update\GoogleUpdate.exe [17/05/2009 17:40 133104]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [26/05/2008 12:31 94208]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\d:\docume~1\Papa\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> d:\docume~1\Papa\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\fnettboh.sys [03/01/2010 14:21 23680]
S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\cesg502.sys [24/09/2009 10:24 40672]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
.
Contenu du dossier 'Tâches planifiées'

2010-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 15:40]

2010-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 15:40]

2010-06-08 c:\windows\Tasks\User_Feed_Synchronization-{98D8E7A5-E43E-47EE-935D-B17F9A489FDD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.sfr.fr/fr/adsl.jsp
uInternet Connection Wizard,ShellNext = hxxp://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=BM3
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: micosoft.com\v4.Windowsupdate
Trusted Zone: microsoft.com\Windowsupdate
Trusted Zone: Windowsupdate.com\Download
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - hxxp://www.m6video.fr/1click/install/files/installer2.cab
DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} - hxxp://www.mypixmania.com/importer/MypixUploader.cab
DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{527B218C-EFBF-4C90-8F5F-B572A0CE2697} - c:\windows\system32\rbkcdqjf.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-08 16:44
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:10,11,b5,a9,c1,c7,3e,76,b9,87,43,6c,ff,e9,62,79,fd,00,2f,d3,d2,6a,25,
b6,31,a1,2e,1f,b3,a0,0b,7f,28,8b,54,10,bf,83,3d,86,d0,9e,72,6e,76,dc,7d,7c,\
"??"=hex:95,3e,db,68,06,10,31,3b,48,55,83,2c,0c,8a,a4,c8

[HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"Percents"="0 0.1247 0.3475 0.4589 0.5756 0.7745 0.7798 "
"Increment"=".011494"
"FRT"="S7scj3oKaZQnWbQe3V6SfWiALMaTBcNS49K7tndsZLe39mbZ+KBZHw=="
"PLCK"="oqLN6wP3BZUxh2dxb3pNGB/pvztxErHt"
"PHSH"=""
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1136)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3272)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\apps\ABoard\AOSD.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Heure de fin: 2010-06-08 16:52:44 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-06-08 14:52
ComboFix2.txt 2010-06-07 19:45
ComboFix3.txt 2010-06-06 09:31
ComboFix4.txt 2010-06-05 12:52

Avant-CF: 13 235 712 000 octets libres
Après-CF: 13 197 889 536 octets libres

- - End Of File - - 152FCDBD79CD1E8E94BAE136B8E6C427

Rapport fait,mais impossible à envoyer

passes par http://www.cijoint.fr/ ou https://www.cjoint.com/

http://www.cijoint.fr/cjlink.php?file=cj201006/cijD7u9Uzf.txt

Enfin!!!!!!!

Au démarrage du PC,message suivant:

RUN DLL

Erreur chargement de "rafsyamf.dll"

le module spécifié est introuvable .

Je clique sur OK, et le message disparait....

ZHPFix v1.12.3104 by Nicolas Coolman - Rapport de suppression du 08/06/2010 20:25:53
Fichier d'export Registre : C:\ZHPExportRegistry-08-06-2010-20-25-53.txt
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr

Processus mémoire :
(Néant)

Module mémoire :
(Néant)

Clé du Registre :
O42 - Logiciel: Sky-Banners browser enhancer - (.Pas de propriétaire.) [HKLM] => Clé supprimée avec succès
O42 - Logiciel: Street-Ads Browser Enhancer - (.Pas de propriétaire.) [HKLM] => Clé supprimée avec succès
HKCU\Software\Sky-Banners => Clé supprimée avec succès
HKCU\Software\Street-Ads => Clé supprimée avec succès
HKLM\Software\Sky-Banners => Clé supprimée avec succès
HKLM\Software\Street-Ads => Clé supprimée avec succès

Valeur du Registre :
(Néant)

Elément de données du Registre :
(Néant)

Préférences navigateur :
(Néant)

Dossier :
(Néant)

Fichier :
(Néant)

Logiciel :
O42 - Logiciel: Sky-Banners browser enhancer - (.Pas de propriétaire.) [HKLM] => Logiciel supprimé avec succès
O42 - Logiciel: Street-Ads Browser Enhancer - (.Pas de propriétaire.) [HKLM] => Logiciel supprimé avec succès

Script Registre :
(Néant)

Master Boot Record :
(Néant)

Autre :
(Néant)


Récapitulatif :
Processus mémoire : 0
Module mémoire : 0
Clé du Registre : 6
Valeur du Registre : 0
Elément de données du Registre : 0
Dossier : 0
Fichier : 0
Logiciel : 2
Master Boot Record : 0
Préférences navigateur : 0
Autre : 0


End of the scan

vu

=> SEAF

1. ========================= SEAF 1.0.0.7 - C_XX
2.
3. Commencé à: 20:46:00 le 08/06/2010
4.
5. Valeur(s) recherchée(s):
6.
7. rafsyamf.dll
8.
9. (!) --- Calcul du Hash "MD5"
10. (!) --- Affichage des ADS
11. (!) --- Informations supplémentaires
12. (!) --- Recherche registre
13.
14. ====== Fichier(s) (TC: Date de création, TM: Date de modification, DA, Dernier accès) ======
15.
16. "c:\Qoobox\Quarantine\C\WINDOWS\system32\rafsyamf.dll.vir" [ ----A---- | 327680 ]
17. TC: 04/06/2010,00:11:38 | TM: 04/06/2010,00:11:38 | DA: 06/06/2010,14:21:51
18. MD5: 46a19d2fd341c55a5aab4c8257883bda
19.
20.
21. ProductVersion: 1.8.5.0
22. FileVersion: 1.8.5.0
23.
24. =========================
25.
26. ====== Dossier(s) (TC: Date de création, TM: Date de modification, DA, Dernier accès) ======
27.
28. Aucun dossier trouvé
29.
30.
31. ====== Entrée(s) du registre ======
32.
33.
34.
35. [HKEY_CLASSES_ROOT\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B}\apps\{38061EDC-40BB-4618-A8DA-E56353347E6D}]
36. ""="C:\WINDOWS\system32\rafsyamf.dll"
37.
38. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B}\apps\{38061EDC-40BB-4618-A8DA-E56353347E6D}]
39. ""="C:\WINDOWS\system32\rafsyamf.dll"
40.
41. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
42. "skb"="rundll32 "rafsyamf.dll",,Run"
43.
44. =========================
45.
46. Fin à: 20:48:46 le 08/06/2010 ( E.O.F )

Bonjour,
Debout de bon matin comme moi !
Merci,je fais ça dans l'aprés-midi.
Tu peux me dire où on en est dans la désinfection,je crois que ça se termine,non?
Bonne journée.

si on regle ca

Erreur chargement de "rafsyamf.dll"

et que tu me confirmes ensuite que tout va bien...alors oui, nous finaliserons

ComboFix 10-06-03.01 - Papa 09/06/2010 16:34:24.5.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.444 [GMT 2:00]
Lancé depuis: d:\documents and settings\Papa\Bureau\ComboFix.exe
Commutateurs utilisés :: d:\documents and settings\Papa\Bureau\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-05-09 au 2010-06-09 ))))))))))))))))))))))))))))))))))))
.

2010-06-08 18:42 . 2010-06-08 18:48 -------- d-----w- c:\program files\SEAF
2010-06-07 17:09 . 2010-06-07 17:09 -------- d-----w- C:\Yoog_Fix
2010-06-03 10:53 . 2010-06-03 21:25 -------- d-----w- c:\program files\List_Kill'em
2010-06-02 17:02 . 2010-06-08 18:25 -------- d-----w- c:\program files\ZHPDiag
2010-05-31 10:18 . 2010-05-31 10:18 -------- d-----w- c:\program files\$NtUninstallWTF1012$
2010-05-22 15:56 . 2010-05-22 15:56 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2010-05-16 13:00 . 2010-05-16 13:00 -------- d-----w- d:\documents and settings\Papa\Local Settings\Application Data\Symantec
2010-05-15 14:10 . 2010-05-15 14:10 -------- d-----w- c:\program files\Trend Micro
2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- d:\documents and settings\Papa\Application Data\Malwarebytes
2010-05-15 12:34 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-15 12:34 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-09 14:47 . 2004-08-16 15:41 85154 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-09 14:47 . 2004-08-16 15:41 511538 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-08 17:03 . 2008-10-04 16:13 -------- d-----w- d:\documents and settings\All Users\Application Data\CanonIJPLM
2010-06-06 16:12 . 2006-04-11 18:52 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-06 13:32 . 2009-02-10 16:36 1 ----a-w- d:\documents and settings\Papa\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-05 08:18 . 2008-12-21 13:08 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 21:26 . 2007-01-25 15:56 210984 ----a-w- d:\documents and settings\Papa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-03 10:28 . 2008-06-07 16:37 -------- d-----w- c:\program files\Windows Live
2010-06-03 10:26 . 2008-01-14 18:22 -------- d-----w- c:\program files\Sony
2010-05-30 16:38 . 2008-12-07 13:43 -------- d-----w- d:\documents and settings\Papa\Application Data\gtk-2.0
2010-05-26 18:25 . 2006-07-23 09:02 -------- d-----w- c:\program files\CCleaner
2010-05-15 12:29 . 2006-05-09 14:03 -------- d-----w- c:\program files\Lavasoft
2010-05-07 15:44 . 2010-05-07 15:44 -------- d-----w- d:\documents and settings\All Users\Application Data\F-Secure
2010-05-03 17:34 . 2010-05-03 17:33 -------- d-----w- d:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-03 17:34 . 2009-12-17 08:55 -------- d-----w- c:\program files\iTunes
2010-05-03 17:34 . 2010-05-03 17:34 -------- d-----w- c:\program files\iPod
2010-05-03 17:33 . 2008-12-13 13:08 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-05-03 17:29 . 2008-12-13 13:08 -------- d-----w- c:\program files\QuickTime
2010-05-03 17:23 . 2010-05-03 17:23 -------- d-----w- c:\program files\Bonjour
2010-05-03 17:19 . 2010-05-03 17:19 73000 ----a-w- d:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-30 10:27 . 2010-03-30 12:16 1109 ----a-w- d:\documents and settings\Papa\Application Data\Genie-Soft\GBMLite8Lacie\Jobs\sauvegarde mars 2010\00000000\maindata.sys
2007-01-23 18:02 . 2007-01-23 18:02 1150 ----a-w- c:\program files\wallpaperenable.reg
2006-03-04 15:46 . 2006-01-29 16:25 560 ----a-w- c:\program files\Global.sw
.

((((((((((((((((((((((((((((( SnapShot@2010-06-05_12.48.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-09 14:44 . 2010-06-09 14:44 16384 c:\windows\Temp\Perflib_Perfdata_630.dat
+ 2010-06-09 14:43 . 2010-06-09 14:43 16384 c:\windows\Temp\Perflib_Perfdata_57c.dat
+ 2004-08-16 15:40 . 2010-06-09 14:47 71482 c:\windows\system32\perfc009.dat
- 2004-08-16 15:40 . 2010-06-05 08:21 71482 c:\windows\system32\perfc009.dat
- 2010-05-31 10:18 . 2010-06-04 07:01 79782 c:\windows\$NtUninstallMTF1011$\apUninstall.exe
+ 2004-08-16 15:40 . 2010-06-09 14:47 441704 c:\windows\system32\perfh009.dat
- 2004-08-16 15:40 . 2010-06-05 08:21 441704 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-12 136600]
"Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-27 180269]
"BOOT"="c:\program files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 476160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CamserviceDP"="c:\program files\Hercules\DualPix Exchange\Camservice.exe" [2007-08-10 81920]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-11-19 128352]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 94208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2010-01-03 3788800]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-23 593920]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2009-2-13 1261568]
OFFICE One Clock v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2006-12-9 257536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OFFICE One Notes v6.5.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\OFFICE One Notes v6.5.lnk
backup=c:\windows\pss\OFFICE One Notes v6.5.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Papa^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]
path=d:\documents and settings\Papa\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk
backup=c:\windows\pss\Club Internet.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Papa^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
path=d:\documents and settings\Papa\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OoPDFSettingsv6.exe]
2003-11-20 09:38 460800 ----a-w- c:\program files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.0\\aol.exe"=
"c:\\APPS\\Inventime\\my.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\APPS\\Powercinema\\PowerCinema.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Hercules\\DualPix Exchange\\Station2.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Canon\\Canon IJ Network Scan Utility\\CNMNSUT.EXE"=
"c:\\Program Files\\Canon\\Canon IJ Network Tool\\CNMNPUT.EXE"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6901:TCP"= 6901:TCP:video msn mesenger
"1863:TCP"= 1863:TCP:dialogues msn messenger

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [03/02/2010 18:11 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [03/02/2010 18:11 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [03/02/2010 18:11 482432]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [03/01/2010 14:21 7936]
R1 IDSxpx86;IDSxpx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100528.003\IDSXpx86.sys [28/05/2010 21:33 331640]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23/05/2009 17:47 3712]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [03/02/2010 18:11 117640]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [27/10/2005 13:18 710144]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/06/2009 09:39 102448]
R3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [08/02/2009 22:42 99968]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [13/02/2009 20:21 272128]
S2 gupdate1c9d705ec2397f6;Service Google Update (gupdate1c9d705ec2397f6);c:\program files\Google\Update\GoogleUpdate.exe [17/05/2009 17:40 133104]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [26/05/2008 12:31 94208]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\d:\docume~1\Papa\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> d:\docume~1\Papa\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\fnettboh.sys [03/01/2010 14:21 23680]
S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\cesg502.sys [24/09/2009 10:24 40672]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
.
Contenu du dossier 'Tâches planifiées'

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 15:40]

2010-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 15:40]

2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{98D8E7A5-E43E-47EE-935D-B17F9A489FDD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.sfr.fr/fr/adsl.jsp
uInternet Connection Wizard,ShellNext = hxxp://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=BM3
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: micosoft.com\v4.Windowsupdate
Trusted Zone: microsoft.com\Windowsupdate
Trusted Zone: Windowsupdate.com\Download
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - hxxp://www.m6video.fr/1click/install/files/installer2.cab
DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} - hxxp://www.mypixmania.com/importer/MypixUploader.cab
DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-09 16:45
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:10,11,b5,a9,c1,c7,3e,76,b9,87,43,6c,ff,e9,62,79,fd,00,2f,d3,d2,6a,25,
b6,31,a1,2e,1f,b3,a0,0b,7f,28,8b,54,10,bf,83,3d,86,d0,9e,72,6e,76,dc,7d,7c,\
"??"=hex:95,3e,db,68,06,10,31,3b,48,55,83,2c,0c,8a,a4,c8

[HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"Percents"="0 0.1247 0.3475 0.4589 0.5756 0.7745 0.7798 "
"Increment"=".011494"
"FRT"="S7scj3oKaZQnWbQe3V6SfWiALMaTBcNS49K7tndsZLe39mbZ+KBZHw=="
"PLCK"="oqLN6wP3BZUxh2dxb3pNGB/pvztxErHt"
"PHSH"=""
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1144)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2916)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\apps\ABoard\AOSD.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Heure de fin: 2010-06-09 16:53:10 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-06-09 14:52
ComboFix2.txt 2010-06-08 14:52
ComboFix3.txt 2010-06-07 19:45
ComboFix4.txt 2010-06-06 09:31
ComboFix5.txt 2010-06-09 14:33

Avant-CF: 13 611 376 640 octets libres
Après-CF: 13 586 976 768 octets libres

- - End Of File - - 35F340D08648F9749ADE8FF7891067AA

Bonsoir,

Merci pour ta disponibilité journalière.

Je viens d'éteindre et de rallumer mon pc et le message RUN n'est pas apparu.